Back door found in Dynalink DSL router

Dynalink is warning customers of a possible security issue with its popular RTA-230 DSL router and is taking action to remove a second management account with a recently-cracked password, after being alerted to the issue by Computerworld.

The Dynalink RTA-230 is based on the Broadcom 96345 chipset and runs embedded Linux as the router operating system. Unknown to most users, the RTA-230 has a second management account with full system access that was discovered last week by an Italian Dynalink customer while reverse-engineering the router to build new Linux firmware for it.

The Italian customer, who signed his name as Fabio, posted an alert on the Bugtraq security forum about the second administrative account. He says the router's password can be easily decrypted using readily available brute-force cracking tools.

With full root privileges and a command shell, the second account could be used to take over the router. Computerworld contacted Fabio via email, who confirmed the existence of a second administrative account in the firmware image that ships with the RTA-230, named rta230nz-v021203_21_a0_23g.bin.

After verifying the existence of the second account, Dynalink managing director Ian Ferry says he has asked the company’s Taiwanese manufacturer, Askey, to remove it in the next router firmware release.

In the alert to customers with the RTA-230, Ferry advises them to “first change the router’s administrative password and, as the router is Linux-based, care must be taken to prevent unauthorised access to the administrator account.”

Dynalink engineer Casey Mak says the router’s web and telnet administrative interfaces are configured by default not to listen for connections from the internet, and only allow access from the local area network. For an attacker to logon to the router remotely, customers would have to configure the telnet service to listen for connections from the internet.

A management account is a requirement by many DSL providers overseas, Mak adds, so that they can remotely configure the router instead of having to do so on-site. However, Mak acknowledges the dangers of the second account with a known password, and says Dynalink is working with Askey to improve security for remote access for the router.

Furthermore, as a result of the security issue, Ferry says Dynalink will submit the router to a “suitable third party” to vet it for any other issues.

In April last year another security hole was found in another Dynalink router, the RTA020. Andrew Connell, the Aucklander who discovered the vulnerability, emailed Dynalink customers himself after deciding the warning placed on Dynalink's website was insufficient warning to customers.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.